<?php
include 'db.php';

session_start();
$submit = $_POST["login"];
$userName = $_POST["userName"];
$password = $_POST["password"];

$queryStr = "select * from l_user where user_name = %q and password = %q";
$param = array($userName, $password);
$result = dbOperate($queryStr, $param);

$row = mysql_fetch_assoc($result);

if($row) {
    // $_SESSION["userName"] = $userName;
    // $_SESSION["userCode"] = $row['user_code'];
    // $_SESSION["nickName"] = $row['nick_name'];
    // $_SESSION["password"] = $password;
    $_SESSION["user"] = serialize($row[0]);
    $_SESSION["passed"] = true;
    $_SESSION['msg'] = '登录成功';

    echo "<script>window.location.href='../index.html'</script>";
} else {
    $_SESSION["passed"] = false;
    $_SESSION['msg'] = '登录失败,请检查用户名或密码';
    echo "<script>window.location.href='../login.html'</script>";
}


?>